Hacker Group Changes Millions of Passwords to “password”; Only 38% of Users Noticehttp://www.f-secure.com/weblog/archives/00002134.html
â€œPasswords from over 3,000,000 user accounts were apparently set to “password” late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.â€

We already have a blog aggregation that we host at planet.securabit.com and our new exploit developer’s corner. There is also a guest form on our contact page, so if you’re interested in being on the show or doing an interview of any sort, please fill that out!

What else do you want us to have? Perhaps bringing back the forums or introducing a mailing list? Challenges? Pictures of cats with lockpicks? Â Please leave comments!

Please note, if you want us to revive our forums, we’re going to conscript you into slave labor to admin them. Thanks 🙂

This past weekend our newest SecuraBit co-host Dan Mitchell got a chance to attend Thotcon, a non-profit, non-commercial hacking conference held in the “Windy City”. Â Here is what Dan had to say:

The conference benefits from strong support by a vibrant local hacking community and a nice mix of infosecÂ professionalsÂ and underground hackers alike. I was impressed by the quality of the presentations and the amount of knowledge and information I was able to condense into my brain in just 10 short hours. On the topic of “time”, the conference kicked off with a most excellent presentation called “pwning time” by Mark Hardy. Mark, also known for his outstanding DEFCON presentation “A Hacker looks at 50” is a veteran in the industry and somebody who personifies the true “hacking” spirit. Mark’sÂ presentationÂ was ultimately a bevy of wisdom on how we can better manage our time and figure out “what we want to be when we grow up”. I recommend checking out what he has to say, it is trulyÂ inspirational. By far my favorite presentation was given by Chris Roberts and Jesse Diekman called “Planes, Trains and Automobiles”. It was during this presentation that I was introduced to “Tractor Jacking” i.e. Chris and Jesses’sÂ successfulÂ attemptÂ at remotely hacking into the OS of large industrial tracktors and taking them for a spin. Â They also demonstrated how they where able to stand on a bridge and wirelessly hack into the OS (AUTOSAR) of passerby cars and do everything from disabling the ABS to grabbing and reading sensitive configuration files. The presentation wasÂ simultaneouslyÂ frighting and hilarious and served as a reminder that a the vulnerability landscape extends far beyond mobile devices, cloud services, desktops and servers.

Dan had the opportunity to speak personally with Chris after his presentation and we will hopefully be arranging to get him on the show soon. All of the presentations will be available on the ThotCon website in the near future. If you are looking for a unique hacker con, one that is different from the run of mill cons we see every year, ThotCon is definitely worth checking out.

Any of you that have a hand in the patching systems cookie jar are probably reaching for that 4th or 5th cup of coffee by now. Â Microsoft put put 17 bulletins covering 64 security fixes today in what is the largest number of patches dropped on a single day.

If you stay in hotels, have a bank account or credit card, or shop (online, from your TV or good old fashioned brick and mortar), there’s a good chance you will be the proud new owner of some data breach notification emails. Yay.

Last week Epsilon Data Management notified its customers of a data breach. In turn it’s Epsilon’s customers, including hotel chains, banks, retail stores, etc. (see the Krebs on Security link below for a more complete list) are now notifying their customers.

Here is some great coverage, as well as possible implications andÂ recommendationsÂ if your organization may be sharing data with third parties:

On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization.

We have been assured by Epsilon that the only information that may have been obtained was your email address and that the accessed files did not include any other information. A rigorous assessment by Epsilon determined that no other information is at risk. We are actively investigating to confirm this.

For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails. As our experts at Geek Squad would tell you, be very cautious when opening links or attachments from unknown senders.

In keeping with best industry security practices, Best Buy will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, www.bestbuy.com. If you receive an email asking for personal information, delete it. It did not come from Best Buy.

Our service provider has reported this incident to the appropriate authorities.

We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. For more information on keeping your data safe, please visit:

We feel better now knowing “the only information that may have been obtained was your email address and that the accessed files did not include any other information.” Â We’re doomed if we need to rely on Geek Squad to help prevent us from future attacks.